Neill Williams, Director of Smart R Distribution, explains how end-users looking to upgrade their Access Control system, can do so by enhancing what they already have, rather than ‘rip and replace’.
“You have to know the past to understand the present.” Carl Sagan
The main objective of this article is to raise awareness as to how end-users can be in control of the future of their system by having ownership of the ‘keys’ built into the Access Control cards. Before explaining why and how this is achievable, I believe it would be useful to take a brief look at how card technology has evolved over the last 40 years or so.
In the beginning there was Magstripe Access Control card and reader technology. At the time of its introduction it had a ‘wow’ factor with many impressed that for the first time, a person’s access credentials could be loaded onto a plastic card and this could be done by an installer, systems integrator or the end-user. The card, however, was poor from a security point of view as card duplicators quickly became available online, enabling anyone to overwrite or copy a card.
In the 1980’s there was a big move towards using Wiegand cards because they offered a far higher level of security with proprietary encoding formats, i.e. the way that data is laid out on a card. An open format using 26 bits of Wiegand data was adopted as the de facto standard, but with access control system manufacturers looking for higher security reserved Wiegand formats of their own which were only sold to the system manufacturer who reserved it.
Wiegand technology was almost impossible to build in the first place, let alone copy and were more reliable in terms of reading a card swiped at any speed. However, the complexity of manufacture carried a penalty of lead times of up to 6-8 weeks and there were often gaps in the number range with cards failing at the point manufacture.
Wiegand swipe cards were replaced as the technology of choice by Proximity cards because, as well as being more secure than Magstripe, they were also much more convenient to use and could be programmed to order and supplied within 2 weeks. They provided very reliable reading without having to swipe a card through a reader and with no batteries in the cards, they were also very reliable and offered longevity.
With the expiry of some of the patents relating to Proximity card technology, we arrived at a situation where any manufacturer could produce compatible cards and readers. Furthermore, without the protection of patents and with the data being stored ‘in the open’, cards could easily be cloned. The criminal fraternity, for example, could perform a ‘man-in-the- middle’ attack and capture data by standing between a card and a reader, with the data, (i.e. the card’s ID number), being rewritten to another card or simply replayed by using some electronics.
Although card cloning can be an issue, it is widely accepted that for building security purposes, the best way to combat the threat is to use a second factor of authentication, e.g. a PIN or some form of biometric identification.
To read more exclusive features and latest news please see our Q1 issue here.
Media contact
Rebecca Morpeth Spayne,
Editor, Security Portfolio
Tel: +44 (0) 1622 823 922
Email: [email protected]
